SHA256: 8a026e3bfa6f4078baf312f50a6111a5c2e79eb0cac3ed534f8c10d8b767e43b
File name: 474382b24b665086a24ea2345edd58e9bec981d7_yettiownssomelilz.ex
Detection ratio: 39 / 47
Analysis date: 2013-11-22 19:14:37 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.Kryptik!R1XJI0dLSj0 20131122
AhnLab-V3 Win-Trojan/Tdss.1870848 20131122
AntiVir TR/Crypt.XPACK.Gen 20131122
Avast Sf:Mystic [Cryp] 20131122
AVG Downloader.Crypter.O 20131122
Baidu-International Trojan.Win32.Ransomlock.aOU 20131122
BitDefender Gen:Variant.Tdss.27 20131122
Bkav W32.Clod96b.Trojan.f2eb 20131122
Commtouch W32/Trojan.QRIE-9250 20131122
Comodo MalCrypt.Indus! 20131122
DrWeb Trojan.MulDrop.54863 20131122
Emsisoft Gen:Variant.Tdss.27 (B) 20131122
ESET-NOD32 Win32/TrojanDropper.Microjoin.C 20131122
F-Prot W32/TrojanX.ENGH 20131122
F-Secure Gen:Variant.Tdss.27 20131122
Fortinet W32/Zbot.RP!tr 20131122
GData Gen:Variant.Tdss.27 20131122
Ikarus Trojan-Downloader.Crypter 20131122
K7AntiVirus Trojan ( 0e4baf210 ) 20131122
K7GW Backdoor ( 04c533ab1 ) 20131122
Kaspersky Trojan-Ransom.Win32.XBlocker.ala 20131122
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
McAfee Artemis!5F7795448DC8 20131122
McAfee-GW-Edition Artemis!5F7795448DC8 20131121
Microsoft PWS:Win32/Zbot 20131122
eScan Gen:Variant.Tdss.27 20131122
NANO-Antivirus Trojan.Win32.XBlocker.ymqi 20131122
Norman Suspicious_Gen2.BFIMF 20131122
Panda Trj/Genetic.gen 20131122
Sophos AV Mal/EncPk-RP 20131122
SUPERAntiSpyware Trojan.Agent/Gen 20131122
Symantec Packed.Mystic!gen4 20131122
TheHacker Trojan/XBlocker.ala 20131122
TotalDefense Win32/Zbot.BVU 20131121
TrendMicro TROJ_FRAUD.SMEV 20131122
TrendMicro-HouseCall TROJ_FRAUD.SMEV 20131122
VBA32 Trojan.ExpProc.014 20131122
VIPRE VirTool.Win32.Obfuscator.ah!a (v) 20131122
ViRobot Trojan.Win32.S.XBlocker.1870848 20131122
Antiy-AVL 20131122
ByteHero 20131118
CAT-QuickHeal 20131122
ClamAV 20131122
Jiangmin 20131122
Malwarebytes 20131122
nProtect 20131122
Rising 20131122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-07-20 01:09:59
Entry Point 0x00001077
Number of sections 4
PE sections
PE imports
ExitProcess
LoadLibraryA
VirtualAlloc
GetProcAddress
ReleaseSemaphore
Number of PE resources by type
RT_STRING 4
RT_VERSION 4
RT_RCDATA 3
RT_BITMAP 2
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:07:20 02:09:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 560640
LinkerVersion 9.0
Warning Invalid Version Info block
EntryPoint 0x1077
InitializedDataSize 1309696
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5f7795448dc8c8c4c369839ab9ac184e
SHA1 474382b24b665086a24ea2345edd58e9bec981d7
SHA256 8a026e3bfa6f4078baf312f50a6111a5c2e79eb0cac3ed534f8c10d8b767e43b
ssdeep 49152:oXPAKie7h0zUkRKr4tgjThCHUQT8wl4s:ofAKiIEUMKZjTAHUu1

File size 1.8 MB ( 1870848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2010-06-24 09:22:58 UTC ( 7 years, 7 months ago )
Last submission 2013-11-22 19:14:37 UTC ( 4 years, 2 months ago )
File names 474382b24b665086a24ea2345edd58e9bec981d7_yettiownssomelilz.ex
aa
iiR1Sas1Kf.xlt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight